SUMMARY
The sample code in this article uses Active Directory Services Interfaces (ADSI) along with a resource kit object from the Platform SDK to find all of the mailboxes linked to a particular Windows Domain account.
A Microsoft Exchange Server recipient may have a primary Windows Domain account associated with it. Since it is most common to associate a Windows Domain account with a mailbox, this article refers to the recipient as such. However, it is worth noting that a Windows Domain account can be linked with a custom recipient as well. In both cases, this link is created by storing the security identifier (SID) of the Windows Domain account in an attribute on the object in the directory.
back to the topFind recipients that are associated with an NT account
ADSI has a Lightweight Directory Access Protocol (LDAP) provider that can be used to retrieve information from the Exchange directory. The mailbox attribute which stores the Primary Windows Domain account has an LDAP name of Assoc-NT-Account. The Assoc-NT-Account attribute does not contain the security account's textual name, but rather a binary string representation of the SID. Every object in the Windows NT Security Domain has an SID. Also, most of the objects, such as Windows NT user accounts, have names that can be displayed as MyDomain\MyUserName.
The example below takes the domain and username of a Windows Domain account as inputs. It retrieves the SID for that account from the primary domain controller as an array of bytes. Next, it converts the binary array into the string representation format that the SID is stored in by Exchange. Finally, the example queries Exchange for all Assoc-NT-Account attributes with that value and displays them.
The code below requires that both the ADSI run time and the ADsSecurity.dll file are properly installed on the system. The ADsSID class of the ADsSecurity object is used to retrieve the SID and covert it into the string representation. This process could be done in an application without the use of this object. However, it is included here so that the example can be used in a scripting environment.
'Dim oConn As ADODB.Connection
'Dim oRS As ADODB.Recordset
'Dim oSid As ADSSECURITYLib.ADsSID
'Dim strServerName As String
'Dim strDomain As String
'Dim strUsername As String
'Dim strSid As String
'Dim strQuery As String
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_WINNT_PATH = 5
'To Do: replace with proper names in the environment
strServerName = "MyExchangeServer"
strDomain = "MyDomain"
strUsername = "MyUsername"
Set oSid = CreateObject("ADsSid") 'from ResourceKit
oSid.SetAs ADS_SID_WINNT_PATH, "WinNT://" & strDomain & "/" & strUsername 'Get the user account SID
strSid = oSid.GetAs(ADS_SID_HEXSTRING) 'Convert to binary string
strQuery = "<LDAP://" & strServerName & ">;(&(objectCategory=person)(Assoc-NT-Account=" & strSid & "));adspath,cn,mail;subtree"
Set oConn = CreateObject("ADODB.Connection") 'Create an ADO Connection
oConn.Provider = "ADsDSOOBJECT" ' ADSI OLE-DB provider
oConn.Open "ADs Provider"
Set oRS = oConn.Execute(strQuery)
If oRS.BOF And oRS.EOF Then
MsgBox "Unable to retrieve your information"
Else
While Not oRS.EOF
MsgBox "Mailbox : " & oRS.Fields("cn") & vbLf & "Email : " & oRS.Fields("mail")
oRS.MoveNext
Wend
End If
'Clean Up
Set oSid = Nothing
oRS.Close
oConn.Close
Set oRS = Nothing
Set oConn = Nothing
back to the topREFERENCES
For more information about operating system-specific ADSI run-time downloads, visit the following Microsoft Web site:
For more information ADSI ADO provider, click the following article number to view the article in the Microsoft Knowledge Base:
187529
How to use ADO to access objects through an ADSI LDAP provider
The ADsSecurity.dll file is part of Active Directory Service Interfaces (ADSI) software development kit (SDK) 2.5.
To download ADSI SDK 2.5, visit the following Microsoft Web site:
back to the top